Watching performance on a DHCP Server
John Hascall
john at iastate.edu
Wed Feb 13 23:26:39 UTC 2008
> On Wed, 2008-02-13 at 12:04 -0600, John Hascall wrote:
> > It seems to me that without a timeout<1>, you have an avenue for a
> > more subtle denial of service attack -- instead of having to stream
> > so many packets at the server that you knock it over, you just have
> > to send enough to keep the input queue from emptying.
> the queue can only be 28 packets long.
But does every input packet, no matter how stupidly formed,
*always* result in something being put in the (output) queue?
> also, the code for a timeout is in but commented out for conflicting
> work (the timed event system has only recently been modified to support
> sub-second scheduling). it's a trivial matter to put it in now, and as
> i said earlier, we will do so in 4.1.0's alphas.
Great.
John
More information about the dhcp-users
mailing list